package org.apache.syncope.sra.security.saml2;

import org.apache.syncope.sra.ApplicationContextUtils;
import org.apache.syncope.sra.security.LogoutRouteMatcher;
import org.apache.syncope.sra.security.PublicRouteMatcher;
import org.pac4j.saml.client.SAML2Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.CacheManager;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.authentication.logout.LogoutWebFilter;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/syncope/sra/security/saml2/SAML2SecurityConfigUtils.class */
public final class SAML2SecurityConfigUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SAML2SecurityConfigUtils.class);

    private static ReactiveAuthenticationManager authenticationManager() {
        return authentication -> {
            return Mono.just(authentication).filter((v0) -> {
                return v0.isAuthenticated();
            });
        };
    }

    public static void forLogin(ServerHttpSecurity serverHttpSecurity, SAML2Client sAML2Client, PublicRouteMatcher publicRouteMatcher) {
        ReactiveAuthenticationManager authenticationManager = authenticationManager();
        serverHttpSecurity.addFilterAt(new SAML2WebSsoAuthenticationRequestWebFilter(sAML2Client), SecurityWebFiltersOrder.HTTP_BASIC);
        SAML2WebSsoAuthenticationWebFilter sAML2WebSsoAuthenticationWebFilter = new SAML2WebSsoAuthenticationWebFilter(authenticationManager, sAML2Client);
        sAML2WebSsoAuthenticationWebFilter.setAuthenticationFailureHandler((webFilterExchange, authenticationException) -> {
            return Mono.error(authenticationException);
        });
        sAML2WebSsoAuthenticationWebFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());
        serverHttpSecurity.addFilterAt(sAML2WebSsoAuthenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION);
        serverHttpSecurity.addFilterAt(new SAML2AnonymousWebFilter(publicRouteMatcher), SecurityWebFiltersOrder.AUTHENTICATION);
    }

    public static void forLogout(ServerHttpSecurity serverHttpSecurity, SAML2Client sAML2Client, CacheManager cacheManager, LogoutRouteMatcher logoutRouteMatcher, ConfigurableApplicationContext configurableApplicationContext) {
        LogoutWebFilter logoutWebFilter = new LogoutWebFilter();
        logoutWebFilter.setRequiresLogoutMatcher(logoutRouteMatcher);
        logoutWebFilter.setLogoutHandler(new SAML2RequestServerLogoutHandler(sAML2Client, cacheManager));
        logoutWebFilter.setLogoutSuccessHandler((webFilterExchange, authentication) -> {
            return Mono.empty();
        });
        try {
            serverHttpSecurity.addFilterAt(new SAML2LogoutResponseWebFilter(sAML2Client, (SAML2ServerLogoutSuccessHandler) ApplicationContextUtils.getOrCreateBean(configurableApplicationContext, SAML2ServerLogoutSuccessHandler.class.getName(), SAML2ServerLogoutSuccessHandler.class)), SecurityWebFiltersOrder.LOGOUT);
        } catch (ClassNotFoundException e) {
            LOG.error("While creating instance of {}", SAML2ServerLogoutSuccessHandler.class.getName(), e);
        }
        serverHttpSecurity.addFilterAt(logoutWebFilter, SecurityWebFiltersOrder.LOGOUT);
    }

    private SAML2SecurityConfigUtils() {
    }
}
